From dcfafd9805cf588c9da201333789157713dae7af Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Thu, 2 May 2024 07:50:14 +0300 Subject: Register a client's public key(s). --- gn_auth/auth/authorisation/users/admin/views.py | 57 +++++++++++++++++++++++- gn_auth/templates/admin/view-oauth2-client.html | 58 +++++++++++++++++++++++++ 2 files changed, 114 insertions(+), 1 deletion(-) diff --git a/gn_auth/auth/authorisation/users/admin/views.py b/gn_auth/auth/authorisation/users/admin/views.py index b0bb2db..3aadf49 100644 --- a/gn_auth/auth/authorisation/users/admin/views.py +++ b/gn_auth/auth/authorisation/users/admin/views.py @@ -3,12 +3,14 @@ import uuid import json import random import string +from pathlib import Path from typing import Optional from functools import partial from dataclasses import asdict from urllib.parse import urlparse from datetime import datetime, timezone, timedelta +from authlib.jose import JsonWebKey from email_validator import validate_email, EmailNotValidError from flask import ( flash, @@ -17,7 +19,8 @@ from flask import ( redirect, Blueprint, current_app, - render_template) + render_template, + current_app as app) from gn_auth import session @@ -259,6 +262,58 @@ def view_client(client_id: uuid.UUID): scope=current_app.config["OAUTH2_SCOPE"], granttypes=_FORM_GRANT_TYPES_) +@admin.route("/register-client-public-key", methods=["POST"]) +@is_admin +def register_client_public_key(): + """Register a client's SSL key""" + form = request.form + admin_dashboard_uri = redirect(url_for("oauth2.admin.dashboard")) + view_client_uri = redirect(url_for("oauth2.admin.view_client", + client_id=form["client_id"])) + if not bool(form.get("client_id")): + flash("No client selected.", "alert-danger") + return admin_dashboard_uri + + try: + _client = with_db_connection(partial( + oauth2_client, client_id=uuid.UUID(form["client_id"]))) + if _client.is_nothing(): + raise ValueError("No such client.") + _client = _client.value + except ValueError: + flash("Invalid client ID provided.", "alert-danger") + return admin_dashboard_uri + try: + _key = JsonWebKey.import_key(form["client_ssl_key"].strip()) + except ValueError: + flash("Invalid key provided!", "alert-danger") + return view_client_uri + + keypath = Path(app.config["CLIENTS_SSL_PUBLIC_KEYS_DIR"]).joinpath( + f"{_key.thumbprint()}.pem") + if not keypath.exists(): + with open(keypath, mode="w", encoding="utf8") as _kpth: + _kpth.write(form["client_ssl_key"]) + + from gn_auth.debug import __pk__ + with_db_connection(partial(save_client, the_client=OAuth2Client( + client_id=_client.client_id, + client_secret=_client.client_secret, + client_id_issued_at=_client.client_id_issued_at, + client_secret_expires_at=_client.client_secret_expires_at, + client_metadata={ + **_client.client_metadata, + "public_keys": list(set( + _client.client_metadata.get("public_keys", []) + + [str(keypath)]))}, + user=_client.user))) + flash("Client key successfully registered.", "alert-success") + return view_client_uri + + flash("Client key already exists.", "alert-warning") + return view_client_uri + + @admin.route("/edit-client", methods=["POST"]) @is_admin def edit_client(): diff --git a/gn_auth/templates/admin/view-oauth2-client.html b/gn_auth/templates/admin/view-oauth2-client.html index 97993e8..38e48c7 100644 --- a/gn_auth/templates/admin/view-oauth2-client.html +++ b/gn_auth/templates/admin/view-oauth2-client.html @@ -67,5 +67,63 @@ + +
JWK Thumbprint | +Actions | +
---|---|
{{sslkey.thumbprint()}} | ++ + | +
+ There are no registered SSL keys for this client. + | +